cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
3435
Views
20
Helpful
15
Replies
Matthieu Malyga
Beginner

CUCM > Conductor > Telepresence Server integration - does it need TLS or not ?

Hi,

 

I have followed this document to deploy a CUCM with Conductor/Telepresence server integration.

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/conductor/config_guide/TelePresence-Conductor-Unified-CM-Deployment-Guide-XC2-3.pdf

 

I have :

- CUCM v 10.5 (virtual)

- Conductor XC2.3 (virtual)

- Telepresence server v 4.0 on Multiparty Media 310

 

The doc says that Conductor can use Encrypted SIP (TLS) port 5061 and HTTPS port 443 but is it a prerequisite or not ?


I have configured everything with HTTP 80 and SIP (TCP+UDP) 5060 but I have this error message in the call history of Conductor when I try to do an ad-hoc conference :

B2BUA generated 404 Not Found due to a TLS failure on the Egress

 

15 REPLIES 15
adbaker
Beginner

Hi There,

I'm doing the same as you but with v10 of CUCM. I don't get the same error but calls are failing when I dial into a Meetme number mapped to a 'Rendezvous' service on Conductor/TPS.

Did you get things working?

Ade

According to an answer from Cisco support, TLS is mandatory. You cannot make this work if you don't configure SIP TLS and HTTPS between CUCM, Conductor and the Telepresence server.

I made it work (ad-hoc and rendez-vous) with configuring TLS (following the configuration guide).

 

Hi Matthieu Malyga

i've have the same problems.

 

please can you say, what certificarte downloaded on cucm to install on Conductor?.

You have to make the CUCM certificate being signed by a CA.

Under certificate management, click on CSR Request. Choose Call Manager.

Then download CSR, choose Call Manager.

Go to your CA (either private or public) and give it the CSR so that it can be signed.

Upload the certificate to the CUCM.

Do the exact same process for Conductor.

Then you also have to upload the CA certificate to both CUCM (Call Manager trust) and Conductor.

Everything is explained in the "deploying certificates guide" of Conductor.

hi Matthieu Malyga

thanks for you information.

 

but i've a doubt when the CA signed my CSR. i'm obtain my cucm CA signed.

first need upload CA root certificate on cucm (call manager trust) and then upload the new certificate CA for cucm on (call manager)

 

that's correct?

 

Yes, first the CA certificate, then the CUCM certificate.

When you upload the CUCM certificate, you also have to indicate the name of the "root" certificate, the CN name of the CA certificate.

You can also not use any CA. Just upload the Conductor certificate (which is by default self-signed by a temporary CA, hence it is this default temporary CA that you would upload, not the Conductor certificate itself) on the CUCM and vice versa, upload the CUCM certificate (self-signed by default) to Conductor.

This is what I did lastly and it works fine. This is easier as you don't need any CA involved. OK for a lab, not for a production environnement.

Matthieu Malyga ,

Can you explain more this step please ?

Just upload the Conductor certificate (which is by default self-signed by a temporary CA, hence it is this default temporary CA that you would upload, not the Conductor certificate itself) on the CUCM - In this step i take the certificate (sign) of the CUCM or CA ? I put in Trusted CA Certificate or in Server Certificate?

 

and vice versa, upload the CUCM certificate (self-signed by default) to Conductor. - Where in CUCM os administrator page ?

How can i export the "default" temporary CA from Conductor?

Does the UCM cluster need to be configured for mixed-mode for this to work?

No.

Hi Matthieu

 

This is not 100% correct.  

 

TLS is required between vTS and the Conductor.  You can use TCP and HTTP between the Conductor and CUCM.

Hello Matthieu !

                         Do we need to upload certificate in TPS to make TLS communicate between

conductor ? 

KV

No need to upload certificate in Telepresence Server. You will need the encryption key to be able to use TLS for encrypted communication (mandatory) between Telepresence Server and Conductor.

For Telepresence Server version 4.1(2.33) or earlier, encryption key is required. Beginning with version 4.2, it is no longer required.

regards,

Acevirgil

Thanks ; By the way cucm can communicate without certificate ..Right ?by using HTTP?

Content for Community-Ad

Spotlight Awards 2021